Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Neetokb

v1.0.2

NeetoKB integration. Manage Articles, Categories. Use when the user wants to interact with NeetoKB data.

by Vlad Ursul @gora050
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description match the runtime instructions: the SKILL.md consistently instructs use of the Membrane CLI to connect to and operate on NeetoKB. It does not request unrelated credentials, binaries, or config paths.
Instruction Scope
The instructions stay within the stated purpose (install Membrane CLI, login, create connections, list/run actions, and proxy requests). One noteworthy capability: membrane request acts as a proxy that can send arbitrary HTTP requests to the target service on behalf of the authenticated connection — this is expected for a connector but means the agent can issue arbitrary proxied API calls once a connection exists.
Install Mechanism
There is no install spec in the registry; the SKILL.md recommends installing @membranehq/cli via npm (npm install -g). This is a common, expected install path for a CLI but has the usual caveats of global npm installs (requires filesystem permissions, installs a globally-executable binary). The package name is a scoped public npm package (traceable); no direct downloads or extract-from-URL steps are present.
Credentials
The skill declares no required environment variables, no secret requests, and instructs users to rely on Membrane-managed auth rather than providing API keys. The level of requested access is proportional to the stated functionality.
Persistence & Privilege
The skill is not marked always:true and has no install-time hooks in the registry. It does not request elevated persistence or modification of other skills' configurations.
Assessment
This skill is instruction-only and coherent: it expects you to install and use the public @membranehq/cli to authenticate and proxy requests to NeetoKB. Before installing or using it, verify the npm package and repository (check the package on the npm registry and the GitHub repo), be aware that 'npm install -g' modifies your system PATH and requires appropriate permissions, and understand that once you create a Membrane connection the CLI can proxy arbitrary API requests to the service, so only create connections for services and accounts you trust. If you need higher assurance, review the Membrane CLI source and release pages and avoid entering any secrets into chats; follow the documented browser-based login flow rather than pasting credentials into prompts.

Like a lobster shell, security has layers — review code before you run it.

latestvk976z14rw31v6va92dmab1p0zh842wp7
